CVE-2022-50410

7.8 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's NFS server allows attackers to overflow send buffers by sending excessively large RPC Call messages. This affects systems running NFSv2 services, potentially leading to denial of service or kernel crashes. Any Linux system with NFSD enabled is vulnerable.

💻 Affected Systems

Products:
  • Linux kernel NFS server (nfsd)
Versions: Linux kernel versions before fixes in stable releases (check specific kernel versions)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if NFS server (nfsd) is enabled and running. NFSv2 is less commonly used than v3/v4.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to complete system crash and denial of service

🟠 Likely Case: NFS service disruption, potential denial of service affecting NFS clients

🟢 If Mitigated: Limited impact if NFS is not exposed or properly firewalled

🌐 Internet-Facing: MEDIUM - NFS should not be internet-facing, but misconfigurations exist
🏢 Internal Only: MEDIUM - Internal attackers could disrupt NFS services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to NFS port (2049). No authentication needed for the buffer overflow attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing the fix commits

Vendor Advisory: https://git.kernel.org/stable/c/1868332032eccbab8c1878a0d918193058c0a905

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Reboot system.
3. Verify kernel version with 'uname -r'.
4. Restart nfsd service if needed.

🔧 Temporary Workarounds

Disable NFSv2

Disable NFS version 2 protocol support

# In /etc/nfs.conf, under the [nfsd] section, set: vers2=n
systemctl restart nfs-server
cat /proc/fs/nfsd/versions    # "-2" in the output means NFSv2 is disabled

Restrict NFS access

Use firewall rules to limit NFS access to trusted networks

# Replace <trusted_network> with the NFS client subnet in CIDR form
iptables -A INPUT -p tcp --dport 2049 -s <trusted_network> -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -j DROP

🧯 If You Can't Patch

  • Disable NFS server entirely if not needed
  • Implement strict network segmentation and firewall rules to limit NFS access

🔍 How to Verify

Check if Vulnerable:

Check if NFS server is running: 'systemctl status nfs-server' or 'ps aux | grep nfsd'. Check kernel version against patched releases.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and test NFS functionality remains operational

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • NFS server crash logs
  • Large RPC message size warnings

Network Indicators:

  • Unusually large RPC packets to port 2049
  • Multiple connection attempts with large payloads
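
As an added example (not part of the original advisory or the kernel project's code), the Python below applies the "unusually large RPC packets" indicator to one reassembled client-to-server TCP stream on port 2049: it rebuilds ONC RPC records from their record-marked fragments and reports NFSv2 Calls above a size threshold. The 16384-byte threshold, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

NFS_PROGRAM = 100003   # ONC RPC program number assigned to NFS
RPC_CALL = 0           # msg_type of a Call message (RFC 5531)
# Assumed alert threshold, not a value from the advisory: NFSv2 caps READ/WRITE
# data at 8192 bytes (RFC 1094), so a much larger Call is unexpected.
MAX_V2_CALL_BYTES = 16384

def iter_rpc_records(stream):
    """Yield complete RPC records from one direction of a TCP stream."""
    pos, parts = 0, []
    while pos + 4 <= len(stream):
        # Record mark: top bit = last fragment, low 31 bits = fragment length.
        (mark,) = struct.unpack_from(">I", stream, pos)
        last, length = bool(mark >> 31), mark & 0x7FFFFFFF
        pos += 4
        if pos + length > len(stream):
            break  # truncated capture: drop the incomplete record
        parts.append(stream[pos:pos + length])
        pos += length
        if last:
            yield b"".join(parts)
            parts = []

def oversized_nfsv2_calls(stream, limit=MAX_V2_CALL_BYTES):
    """Return (xid, procedure, size) for each NFSv2 Call larger than limit."""
    hits = []
    for record in iter_rpc_records(stream):
        if len(record) < 24:
            continue  # too short to hold the fixed Call header fields
        xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", record)
        if (mtype, rpcvers, prog, vers) != (RPC_CALL, 2, NFS_PROGRAM, 2):
            continue  # only NFSv2 Calls matter for this advisory
        if len(record) > limit:
            hits.append((xid, proc, len(record)))
    return hits

def make_record(xid, vers, size, fragments=1):
    """Constructed sample: a Call header zero-padded to size bytes."""
    body = struct.pack(">6I", xid, RPC_CALL, 2, NFS_PROGRAM, vers, 0).ljust(size, b"\0")
    step = -(-size // fragments)  # ceiling division
    chunks = [body[i:i + step] for i in range(0, size, step)]
    return b"".join(
        struct.pack(">I", len(c) | (0x80000000 if i == len(chunks) - 1 else 0)) + c
        for i, c in enumerate(chunks))

# Constructed client-to-server byte stream, not captured traffic.
SAMPLE = make_record(1, 2, 120) + make_record(2, 3, 40000) + make_record(3, 2, 40000, 3)
```

The size check runs on the reassembled record rather than on individual fragments or packets, so a Call split across several small fragments is still measured at its full length.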

SIEM Query:

(source="kernel" AND ("panic" OR "oops")) OR (source="nfsd" AND "large" AND "RPC")
